Security Suite Virus

Joined
Sep 3, 2009
Messages
128
Reaction score
1
Points
18
Your Mac's Specs
13" Unibody Macbook Pro, Iphone 4 16G
So, I have a virus on my HP desktop, it's the "Security Suite" virus. Essentially it pops up as if it is an Anti-Virus software and it claims your computer is infected and doesn't allow you to open anything. Most of the threads online say to boot your computer in safe mode with networking and then run Malwarebytes Anti-Malware software, but guess what, it doesn't work, somehow the virus has it set up to where it just won't run like that, with networking, or just in safe mode in general. I really don't want to have to save and reinstall everything, so I'm wondering if anyone has any ideas or if they have dealt with this.

I already have Malwarebytes on my computer from a previous time I had something like this happen, this virus just seems to be a little bit more tough.

Any help is greatly appreciated. Thanks, Adrian
 

bobtomay

Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
One of our office computers has one of those things on it.

None of the following have been able to get rid of it.
McAfee Corporate
Spybot
Malwarebytes
SuperAntiSpyware

Put up a post on bleepingcomputers several days ago and no response.
Time to blow it away and reinstall.
 
OP
A
****! So did you ever get these programs to run? Did they just not find the infected files?

If I could get the darn programs to open in the first place it would put me a step forward.
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
Haven't run across one of these yet that couldn't be nuked by Malwarebytes (malwarebytes.org).

Just be sure to download it to a flash drive first, then boot the machine in safe mode and install from the flash drive. Update the product once it's installed, then run the FULL scan and not the quick scan.
 

bobtomay

Already had McAfee and Spybot on the machine. Had to boot into Safe Mode to install and run most of them.

Forgot, also ran MSE - it will not install or uninstall in safe mode, but you can scan from safe mode. It found 8 trojans that neither McAfee nor Malwarebytes found. I was impressed with it.

The one that's left allows us to use the machine partially. At least I think there's only one left. You just can't click on a Google search return without it re-directing you somewhere else. It does work if you copy and paste the link. The fake scan only pops up about once a week and it runs under svchost. It doesn't run all the time, but once it starts it hogs 99% of the CPU. I'm so far behind it's going to be another week before I can work on a reinstall on that one.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Microsoft Security Essentials for me on my Dell Latitude. It is not a resource hog, easy (and fast) to update, provides all security precautions, antivirus, spyware, malware etc and is simply a great price - FREE!
 
OP
A
My main issue is that I can't get into safe mode for some reason, after I select run Windows in safe mode with networking it flashes a black screen then restarts and only lets me select start Windows normally. So then I'm back at square one, so if I can get it into safe mode I might be able to do something.
 

cwa107


> My main issue is that I can't get into safe mode for some reason, after I select run Windows in safe mode with networking it flashes a black screen then restarts and only lets me select start Windows normally. So then I'm back at square one, so if I can get it into safe mode I might be able to do something.

That's unfortunate. Another option might be to build a Windows PE/BartPE boot disc or Flash Drive to boot the machine from. Then, run Malwarebytes from a Flash drive.

A word of advice.... run a browser with an Ad Blocker. These things are distributed via animations that appear to be a legit virus scanner. The user installs the malware by authorizing the supposed removal tool to install.
 
Joined
Feb 25, 2009
Messages
2,112
Reaction score
71
Points
48
Your Mac's Specs
Late 2013 rMBP, i7, 750m gpu, OSX versions 10.9.3, 10.10
Yeah, along with cwa on this - you really need a clean OS to check the drive, certain infections will happily hide or block detection from other programs (including many times block their updating).

Another option if you don't want to build your own PE boot disc/drive is to get Hiren's BootCD which comes with a lightweight Windows XP with various tools on it to help you clean your system.
 
OP
A
Uh Oh!!!! I just restarted my computer and tried to start it in safe mode and I got the message:

Windows could not start because the following file is missing or corrupt: <Windows root>/system32/hal.dll. Please reinstall a copy of the above file
 

cwa107


> Uh Oh!!!! I just restarted my computer and tried to start it in safe mode and I got the message:
>
> Windows could not start because the following file is missing or corrupt: <Windows root>/system32/hal.dll. Please reinstall a copy of the above file

Your OS is toast. HAL.dll is the Hardware Abstraction Layer, one of the fundamental components of Windows.

You've got two options to recover your data - remove the drive and hook it up to another machine externally, or boot the machine using a recovery disc of some sort.
 
OP
A
The good thing is that I have a majority of my "important" things on my Mac, and just pictures and music on this, but I have the music on a disk, and most of the pictures on Facebook, so I'll probably just reinstall Windows.
 
OP
A
Well more issues now, I inserted an HP restore disk I made a couple years ago and hit "F" for full recovery, deleting everything, now it's on the HP recovery page but nothing is coming up, it's just a blue screen. Is this the "blue screen of death"? I still have a pointer but nothing else is showing up.

Update: I ejected the disk while it was on the page and now it's saying "Formatting hard disk partition" and now it's doing something, so I don't know what that was all about.

Update again: It's not working, haha. I think when I ejected the disk it went into regular system recovery, but that didn't work and I had to restart, now I'm back at the blue screen.
 
OP
A
So I finally just gave up myself and sent it to a guy I know and he is going to install Windows 7 onto it for $20, deal!!! Too bad all my old files are gone :\
 

cwa107


> So I finally just gave up myself and sent it to a guy I know and he is going to install Windows 7 onto it for $20, deal!!! Too bad all my old files are gone :\

Sounds like a pirated copy to me. Look out for Product Activation issues.

I know a lot of IT people think that the Enterprise version of Windows 7 doesn't require activation, but they're wrong. Since Vista, a local Activation Server is required.
 

bobtomay

And just a heads up on the virus or whatever it is that installs this thing. After the first round of work with the guys at bleepingcomputers, their suggestion was to blow it away and reinstall and immediately disconnect it from all network access. They may or may not be able to get rid of it all.

This is a nasty. It will steal any passwords and pass them up the line. It's the underlying nasty that actually downloads and installs the Security Suite virus all on its lonesome. Had one computer that I was able to get the Security Suite removed, come in 2 days later and it had re-installed itself.

This thing was running under the process name svchost which is used by a number of legitimate Windows processes. It would also turn itself on after hours and shut itself down prior to our normal working hours. The mornings I was coming in early, it'd be running the CPU full bore.
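
An added example, not part of the post above or of any tool named in the thread: since svchost is a name shared with legitimate Windows service hosts, a first triage step is to check each instance's image path and parent process and to look for near-miss spellings. The process snapshot, its CSV layout and the `C:\Windows` system root are constructed assumptions for illustration.

```python
import csv
import io
import ntpath
from difflib import SequenceMatcher

# Constructed sample: a process snapshot exported as CSV (not taken from the thread).
SNAPSHOT = r"""name,pid,ppid,path
services.exe,612,540,C:\Windows\System32\services.exe
svchost.exe,804,612,C:\Windows\System32\svchost.exe
svchost.exe,1120,612,C:\Windows\System32\svchost.exe
explorer.exe,2964,2900,C:\Windows\explorer.exe
svchost.exe,3380,2964,C:\Users\office\AppData\Roaming\svchost.exe
scvhost.exe,3512,612,C:\Windows\System32\scvhost.exe
"""

# Assumption: the system root is C:\Windows. The genuine binary lives only here.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
GENUINE = "svchost.exe"


def triage(snapshot_csv):
    """Return (pid, name, reasons) for processes that only pretend to be svchost."""
    rows = list(csv.DictReader(io.StringIO(snapshot_csv)))
    name_by_pid = {r["pid"]: r["name"].lower() for r in rows}
    findings = []
    for r in rows:
        name = r["name"].lower()
        reasons = []
        if name == GENUINE:
            # A real service host is started by services.exe from the system directory.
            if ntpath.dirname(r["path"]).lower() not in TRUSTED_DIRS:
                reasons.append("image outside System32")
            if name_by_pid.get(r["ppid"]) != "services.exe":
                reasons.append("parent is not services.exe")
        elif SequenceMatcher(None, name, GENUINE).ratio() >= 0.8:
            # Catches transposed or substituted letters such as scvhost.exe.
            reasons.append("name imitates svchost.exe")
        if reasons:
            findings.append((int(r["pid"]), r["name"], reasons))
    return findings


if __name__ == "__main__":
    for pid, name, reasons in triage(SNAPSHOT):
        print(pid, name, "; ".join(reasons))
```

A malicious service DLL loaded inside a genuine svchost.exe passes both checks, so a clean result here does not replace scanning the disk from a known-good boot environment.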
 
OP
A
> Sounds like a pirated copy to me. Look out for Product Activation issues.
>
> I know a lot of IT people think that the Enterprise version of Windows 7 doesn't require activation, but they're wrong. Since Vista, a local Activation Server is required.

Ya he seems to know what he is doing, he has put a system on my brother's and girlfriend's computer and haven't had any issues yet.

As for that Security Suite, I hope it doesn't come back, d*mn viruses
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Just a note. Talked to a friend yesterday. He got this virus we seem to be talking about in this thread on his new Windows 7 Netbook. So far the only systems I have worked on with this have been XP. Even my very careless neighbor with his Vista box has gotten nothing.

Since my friend is at a university and needs the netbook every day for his work, he just formatted it as he did not have the time to mess around trying to zap it all.
 
OP
A
It's pretty crazy, I'm not a big computer tech guy, but usually if I get any sort of virus (which I had a similar one probably a year ago too) I was able to get it off my computer, but they are just getting so good with completely effing everything up with PCs, glad I own a Mac!
Is there a possibility these types of viruses will ever come to Apple Computers? :|
 
OP
A
Still have yet to have an issue with it coming back on my computer *crossing fingers* my brother actually got this virus yesterday on his Sony computer, it's not the same "anti-virus" software but similar. I just gave him Malwarebytes on a USB drive so we will see if we acted quickly enough this time to get rid of it. He can actually start his computer in safe mode so that's a positive :Cool:
 
